Log In

Linux vulnerability could lead to DDoS attacks

Users advised to apply update.

A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an advisory.

The CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute said that patches for the vulnerability have been released.

“Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service,” the advisory states.

“An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions.”

Malicious actors could maintain the attack by using a continuous two-way TCP session to a reachable open port.

Researchers noted that because of this, the attacks can't be performed using spoofed IP addresses.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.